The Community for Technology Leaders
2016 IEEE 29th Computer Security Foundations Symposium (CSF) (2016)
Lisbon, Portugal
June 27, 2016 to July 1, 2016
ISSN: 2374-8303
ISBN: 978-1-5090-2608-1
pp: 45-60
ABSTRACT
Compartmentalization is good security-engineering practice. By breaking a large software system into mutually distrustful components that run with minimal privileges, restricting their interactions to conform to well-defined interfaces, we can limit the damage caused by low-level attacks such as control-flow hijacking. When used to defend against such attacks, compartmentalization is often implemented cooperatively by a compiler and a low-level compartmentalization mechanism. However, the formal guarantees provided by such compartmentalizing compilation have seen surprisingly little investigation. We propose a new security property, secure compartmentalizing compilation (SCC), that formally characterizes the guarantees provided by compartmentalizing compilation and clarifies its attacker model. We reconstruct our property by starting from the well-established notion of fully abstract compilation, then identifying and lifting three important limitations that make standard full abstraction unsuitable for compartmentalization. The connection to full abstraction allows us to prove SCC by adapting established proof techniques, we illustrate this with a compiler from a simple unsafe imperative language with procedures to a compartmentalized abstract machine.
INDEX TERMS
program compilers, security of data
CITATION

Y. Juglaret, C. Hritcu, A. A. Amorim, B. Eng and B. C. Pierce, "Beyond Good and Evil: Formalizing the Security Guarantees of Compartmentalizing Compilation," 2016 IEEE 29th Computer Security Foundations Symposium (CSF), Lisbon, Portugal, 2016, pp. 45-60.
doi:10.1109/CSF.2016.11
267 ms
(Ver 3.3 (11022016))